• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Trickbot Launches Personalized Spear Phishing Attacks
November 8, 2019
Rewterz Threat Alert – DarkUniverse APT Framework
November 11, 2019

Rewterz Threat Alert – Emotet Malware – IoCs

November 11, 2019

Severity

High

Analysis Summary

Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive either via malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email. Emotet may try to persuade users to click the malicious files by using tempting language about “Your Invoice,” “Payment Details,” or possibly an upcoming shipment from well-known parcel companies.

Emotet has gone through a few iterations. Early versions arrived as a malicious JavaScript file. Later versions evolved to use macro-enabled documents to retrieve the virus payload from command and control (C&C) servers run by the attackers.

Impact

Financial loss

Indicators of Compromise

SH256

  • 19af5bfb8decc32253875836c39031a7e8258d167af7d0332527d0bcecb0c2b2
  • 1a762540a795a8daa194322648a2d0072ed65da6e961989b284c31cb57f68405
  • 226a36d5c22d1222e1a29d9b1eb8a072e39c5901c7b34654dc303ee6aa19f577
  • 252dc0a071edf76775a0a954287fc0cc7ebb45e6f6849f210f747027d5cdeaf1
  • 47699a9bb49acddb8c3ccc90dd7059d9677c2337878972d289fe8b656d44119d
  • 56524c7f2264ebf2f309fc400eac6016df092c75c6871669d141fcab966fdb10
  • 66f0b3b78d41b0164d680f850808ae9133b8f01746662292209aa32588e5db08
  • 872e9f66d27895a16d84e9c2ab50708693dd85ae47ad01ccd62b884bfbb2ad56
  • a35c5cd847e920a0655e99c9886aab94c91a190b3d0ef81d077e91840aa7c17b
  • a3f8cb08735b481402bbe20ac0b2acfb827feac8f62d9d37db3aee0ae03c826f
  • a9b18b8eb2f84bac3e831bcead88b525e623e0a3b7c71fc54130b99b3c12969f
  • b6e62040ec8b2a92762f654d7f561c761235d6cb688e476c45e96b5355154759
  • cb1418e28836dca5fb61a788ce324e9e4d1c3b1e4de6cdada721786f4ea8e12c
  • e6d81855312d026966d95dd51dc09a23fa743d21bb2edb4f8943d767fff54a25
  • eaa809f6ebdc3ddceba5b7d61bfe29db87f098a4c7bec05243c59df51406dfa1
  • ffa68a8f6da85239d67cc3900d6ec7c573ae607cd9061389b260c2f5034dd4a0

URL

  • http[:]//altruisme[.]id/wp-admin/vZKnZqjMqsPuwinXFnaBOzVfQe/
  • http[:]//apple-doctor[.]co[.]kr/wp-includes/57ue8yxbj9cnltpw79ovgprc79mcgfwrg3g/
  • http[:]//blog[.]nalanchenye[.]cn/sjnx/ev7j3w2wuzw9c06sfnsl1pkxomci0k8tx/
  • http[:]//blog[.]yaobinjie[.]top/wp-admin/97e4bgd1ipa2xkuy2nmk5ebueof2rugff7/
  • http[:]//garatuonline[.]es/wp-admin/ayr56gh65xnuncin8l0ddkngn0gkt2/
  • http[:]//giftcatelogz[.]com/wp-admin/cb10wpgm89ysnysitilbbd084/
  • http[:]//jftwebmarketing[.]com/mcc/yrjdo5ui3iuvfcu9e1svri/
  • http[:]//korekortviborg[.]dk/wsxq66h/mnWlDLjshjGVzx/
  • http[:]//mynet07[.]com/wp-admin/bFEYqYEGLBypImyyjc/
  • http[:]//nirvana-memorial[.]co[.]th/cgi-bin/ih929uqqn27650xrm/
  • http[:]//puskesmasmanguharjo[.]madiunkota[.]go[.]id/hfoiawj24jr/zUbarcSMvgXc/
  • http[:]//quangcaogiaodich[.]com/wp-content/upgrade/jzkowiu4uobwywynyj7/
  • http[:]//sabzoabi[.]ir/abiosabz[.]ir/mj4qdtd83jid8ibxg9awoe/
  • http[:]//shreeharisales[.]org/wp-admin/oLJDQSyjhXrWuCkCUhpHETW/
  • http[:]//test[.]oeag[.]at/lare/xzfjglc0ygmm5869qhjlbil/
  • http[:]//www[.]awardglobal[.]cn/gsae9da/98ner0e6ynm8wp4jkyrnm4sixrufzjkddvg9/
  • http[:]//www[.]cyberoceans[.]ng/cgi-bin/5aua6r6yif7oi2adx2uvh3bq459429hape6ju/
  • http[:]//www[.]digitalsushi[.]it/wp-admin/MQlQnlzmtaX/
  • http[:]//www[.]dolphininsight[.]it/wp-includes/wIAxwfTVtpEDixSmDMrVE/
  • http[:]//www[.]dty5[.]com/aqs2q/i0vzxgxwb2qyiwopfw5x0xghz86b1/
  • http[:]//xe-logistics[.]com/san/lba70p8gsncc1fi4wy3cwugxbjrk/

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.